Helping you make the most of the Internet

High value transactions – Guarding against fraud

Posted by on 11 Jul 2006 in Forward Thinking | 0 comments

Trading online has its risks as does any business, but if approached professionally with open eyes you can minimise your exposure to fraud with a few straightforward procedures. This is relevant to any online store, but particularly for people selling high priced items.

Step 1 – Get a “proper” payment gateway

This is all about finding the right tool for the job.

There are numerous third-party systems available that accept credit cards on your behalf (called payment gateways, or Payment Service Providers – PSPs). This is excellent because it minimises your risk of exposure to credit card details theft (see “so you want to store credit card information on your site“). High street banks also offer payment gateways and may be a suitable option depending on what you are trying to achieve with your site.

The important thing to do is to find a payment gateway that offers levels of fraud detection that you are satisfied with. Systems such as MasterCard Secure and Verified by Visa are becoming more widespread and a payment gateway that offers these options is an advantage over those that don’t because their use shifts the liability to the credit card issuer away from you, the merchant in the majority of cases. But it’s not a silver bullet, so don’t assume that just because you’re using them you’re covered – remember “eyes open”.

Remember to differentiate between services such as PayPal, Nochex, etc which – although they accept credit cards – essentially store cash in an online account for you which you can download, and true PSPs which handle the transaction and deposit received funds in your bank account automatically. The former services often have transaction limits which could limit the number of online sales you can make in a given period.

Next, look at the buyer and seller protection policies that the PSP offers. There may be some automatic coverage, or there may be additional insurance you can take out to guard against fraud. This usually means you pay a higher transaction fee (for example +1%) on every transaction for the safeguard that fraudulent transactions will not be your liability. Remember to check the small-print too.

Step 2 – Do you need an Internet merchant account?

Many true PSPs require you to have an Internet Payment Account (or Internet Merchant Account) with your receiving bank. These are separate accounts to standard merchant accounts, so if you accept credit cards in your shop it doesn’t mean it will be automatic online. Remember services such as PayPal don’t need this as they are essentially “cash stores”. Some PSPs offer a “virtual” Internet Merchant Account for you, meaning you don’t need one with your bank. However, they usually offset their risk by deferring payment to you. Check the small print.

Step 3 – Don’t rely on the technology

Technology is fantastic at automating repetitive tasks. However, people are inventive at circumventing the abilities of the technology. It’s a game of cat and mouse.

Use the fraud detection systems that the PSP offers – you should look for a PSP that provides a report so you can see transactions and how fraudulent the PSP thinks they are, e.g. “safe”, “possible fraud”, “don’t touch it with a bargepole”. This provides you with guideance about which transactions you should be avoiding.

However, your own visual review of the transactions can often show a pattern that might not be visible to the fraud tools the PSP provides – for example a single customer putting through different transactions in short succession, each of which appears OK on its own but ollectively form a fraudulent pattern. (Read Neil Kugelman’s story about his online jewellery store.)

There are additional checks and balances you can implement to reduce your risk of fraud. Here are some:

  • Don’t offer separate shipping address for International customers
  • Check address for card transaction matches delivery address manually – for example, contact the buyer and ask them to fax a copy of a recent utility bill. You can then double-check this reference with the utility company
  • Check the phone number – see it matches the buyers location. Also, avoid mobile phones
  • Avoid shipping to countries that are high risk
  • Be careful of remailing addresses, fraudsters use forwarding addresses
  • Check their email address actually works by sending them a personal message
  • Capture their IP address and verify it is in their quoted country
  • Don’t be in a hurry to ship, especially if the buyer is

Related Reading from this Blog

  1. So, you want to store credit card information in your site …
  2. Architecting Great Websites, The Site Engine
  3. Louis Roederer Cristal Champagne Scam
Advertisement